Last active
April 21, 2020 23:27
-
-
Save simonswine/794d42a66205bd5348dc175c20a0e366 to your computer and use it in GitHub Desktop.
Calico 2.6.2 yaml working on SELinux + DaemonSet upgrades
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Calico Version v2.6.2 | |
| # https://docs.projectcalico.org/v2.6/releases#v2.6.2 | |
| # This manifest includes the following component versions: | |
| # calico/node:v2.6.2 | |
| # calico/cni:v1.11.0 | |
| # This ConfigMap is used to configure a self-hosted Calico installation. | |
| kind: ConfigMap | |
| apiVersion: v1 | |
| metadata: | |
| name: calico-config | |
| namespace: kube-system | |
| data: | |
| # The CNI network configuration to install on each node. | |
| cni_network_config: |- | |
| { | |
| "name": "k8s-pod-network", | |
| "cniVersion": "0.1.0", | |
| "type": "calico", | |
| "log_level": "info", | |
| "datastore_type": "kubernetes", | |
| "nodename": "__KUBERNETES_NODE_NAME__", | |
| "mtu": 1500, | |
| "ipam": { | |
| "type": "host-local", | |
| "subnet": "usePodCidr" | |
| }, | |
| "policy": { | |
| "type": "k8s", | |
| "k8s_auth_token": "__SERVICEACCOUNT_TOKEN__" | |
| }, | |
| "kubernetes": { | |
| "k8s_api_root": "https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__", | |
| "kubeconfig": "__KUBECONFIG_FILEPATH__" | |
| } | |
| } | |
| --- | |
| # This manifest installs the calico/node container, as well | |
| # as the Calico CNI plugins and network config on | |
| # each master and worker node in a Kubernetes cluster. | |
| kind: DaemonSet | |
| apiVersion: extensions/v1beta1 | |
| metadata: | |
| name: calico-node | |
| namespace: kube-system | |
| labels: | |
| k8s-app: calico-node | |
| spec: | |
| selector: | |
| matchLabels: | |
| k8s-app: calico-node | |
| updateStrategy: | |
| type: RollingUpdate | |
| template: | |
| metadata: | |
| labels: | |
| k8s-app: calico-node | |
| annotations: | |
| # This, along with the CriticalAddonsOnly toleration below, | |
| # marks the pod as a critical add-on, ensuring it gets | |
| # priority scheduling and that its resources are reserved | |
| # if it ever gets evicted. | |
| scheduler.alpha.kubernetes.io/critical-pod: '' | |
| spec: | |
| hostNetwork: true | |
| serviceAccountName: calico-node | |
| tolerations: | |
| # Allow the pod to run on the master. This is required for | |
| # the master to communicate with pods. | |
| - key: node-role.kubernetes.io/master | |
| effect: NoSchedule | |
| # Mark the pod as a critical add-on for rescheduling. | |
| - key: "CriticalAddonsOnly" | |
| operator: "Exists" | |
| # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force | |
| # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods. | |
| terminationGracePeriodSeconds: 0 | |
| containers: | |
| # Runs calico/node container on each Kubernetes node. This | |
| # container programs network policy and routes on each | |
| # host. | |
| - name: calico-node | |
| image: quay.io/calico/node:v2.6.2 | |
| env: | |
| # Use Kubernetes API as the backing datastore. | |
| - name: DATASTORE_TYPE | |
| value: "kubernetes" | |
| # Enable felix info logging. | |
| - name: FELIX_LOGSEVERITYSCREEN | |
| value: "info" | |
| # Cluster type to identify the deployment type | |
| - name: CLUSTER_TYPE | |
| value: "k8s,bgp" | |
| # Disable file logging so `kubectl logs` works. | |
| - name: CALICO_DISABLE_FILE_LOGGING | |
| value: "true" | |
| # Set Felix endpoint to host default action to ACCEPT. | |
| - name: FELIX_DEFAULTENDPOINTTOHOSTACTION | |
| value: "ACCEPT" | |
| # Disable IPV6 on Kubernetes. | |
| - name: FELIX_IPV6SUPPORT | |
| value: "false" | |
| # Set MTU for tunnel device used if ipip is enabled | |
| - name: FELIX_IPINIPMTU | |
| value: "1440" | |
| # Wait for the datastore. | |
| - name: WAIT_FOR_DATASTORE | |
| value: "true" | |
| # The Calico IPv4 pool to use. This should match `--cluster-cidr` | |
| - name: CALICO_IPV4POOL_CIDR | |
| value: "10.234.0.0/16" | |
| # Enable IPIP | |
| - name: CALICO_IPV4POOL_IPIP | |
| value: "always" | |
| # Enable IP-in-IP within Felix. | |
| - name: FELIX_IPINIPENABLED | |
| value: "true" | |
| # Make sure VMs are accessible | |
| - name: FELIX_IGNORELOOSERPF | |
| value: "true" | |
| # Set based on the k8s node name. | |
| - name: NODENAME | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: spec.nodeName | |
| # No IP address needed. | |
| - name: IP | |
| value: "" | |
| - name: FELIX_HEALTHENABLED | |
| value: "true" | |
| securityContext: | |
| privileged: true | |
| resources: | |
| requests: | |
| cpu: 250m | |
| livenessProbe: | |
| httpGet: | |
| path: /liveness | |
| port: 9099 | |
| periodSeconds: 10 | |
| initialDelaySeconds: 10 | |
| failureThreshold: 6 | |
| readinessProbe: | |
| httpGet: | |
| path: /readiness | |
| port: 9099 | |
| periodSeconds: 10 | |
| volumeMounts: | |
| - mountPath: /lib/modules | |
| name: lib-modules | |
| readOnly: true | |
| - mountPath: /var/run/calico | |
| name: var-run-calico | |
| readOnly: false | |
| # This container installs the Calico CNI binaries | |
| # and CNI network config file on each node. | |
| - name: install-cni | |
| image: quay.io/calico/cni:v1.11.0 | |
| command: ["/install-cni.sh"] | |
| env: | |
| # The CNI network config to install on each node. | |
| - name: CNI_NETWORK_CONFIG | |
| valueFrom: | |
| configMapKeyRef: | |
| name: calico-config | |
| key: cni_network_config | |
| # Set the hostname based on the k8s node name. | |
| - name: KUBERNETES_NODE_NAME | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: spec.nodeName | |
| volumeMounts: | |
| - mountPath: /host/opt/cni/bin | |
| name: cni-bin-dir | |
| - mountPath: /host/etc/cni/net.d | |
| name: cni-net-dir | |
| securityContext: | |
| privileged: true | |
| volumes: | |
| # Used by calico/node. | |
| - name: lib-modules | |
| hostPath: | |
| path: /lib/modules | |
| - name: var-run-calico | |
| hostPath: | |
| path: /var/run/calico | |
| # Used to install CNI. | |
| - name: cni-bin-dir | |
| hostPath: | |
| path: /opt/cni/bin | |
| - name: cni-net-dir | |
| hostPath: | |
| path: /etc/cni/net.d | |
| # Create all the CustomResourceDefinitions needed for | |
| # Calico policy and networking mode. | |
| --- | |
| apiVersion: apiextensions.k8s.io/v1beta1 | |
| description: Calico Global Felix Configuration | |
| kind: CustomResourceDefinition | |
| metadata: | |
| name: globalfelixconfigs.crd.projectcalico.org | |
| spec: | |
| scope: Cluster | |
| group: crd.projectcalico.org | |
| version: v1 | |
| names: | |
| kind: GlobalFelixConfig | |
| plural: globalfelixconfigs | |
| singular: globalfelixconfig | |
| --- | |
| apiVersion: apiextensions.k8s.io/v1beta1 | |
| description: Calico BGP Peers | |
| kind: CustomResourceDefinition | |
| metadata: | |
| name: bgppeers.crd.projectcalico.org | |
| spec: | |
| scope: Cluster | |
| group: crd.projectcalico.org | |
| version: v1 | |
| names: | |
| kind: BGPPeer | |
| plural: bgppeers | |
| singular: bgppeer | |
| --- | |
| apiVersion: apiextensions.k8s.io/v1beta1 | |
| description: Calico Global BGP Configuration | |
| kind: CustomResourceDefinition | |
| metadata: | |
| name: globalbgpconfigs.crd.projectcalico.org | |
| spec: | |
| scope: Cluster | |
| group: crd.projectcalico.org | |
| version: v1 | |
| names: | |
| kind: GlobalBGPConfig | |
| plural: globalbgpconfigs | |
| singular: globalbgpconfig | |
| --- | |
| apiVersion: apiextensions.k8s.io/v1beta1 | |
| description: Calico IP Pools | |
| kind: CustomResourceDefinition | |
| metadata: | |
| name: ippools.crd.projectcalico.org | |
| spec: | |
| scope: Cluster | |
| group: crd.projectcalico.org | |
| version: v1 | |
| names: | |
| kind: IPPool | |
| plural: ippools | |
| singular: ippool | |
| --- | |
| apiVersion: apiextensions.k8s.io/v1beta1 | |
| description: Calico Global Network Policies | |
| kind: CustomResourceDefinition | |
| metadata: | |
| name: globalnetworkpolicies.crd.projectcalico.org | |
| spec: | |
| scope: Cluster | |
| group: crd.projectcalico.org | |
| version: v1 | |
| names: | |
| kind: GlobalNetworkPolicy | |
| plural: globalnetworkpolicies | |
| singular: globalnetworkpolicy | |
| --- | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| name: calico-node | |
| namespace: kube-system |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment